Hi, the servlet specs says : 'The getUserPrincipal method determines the principal name of the current user, the user group to which the principal belongs is retrieved from server's security attributes. The principal is in the security role only if the user's group matches the user group to which the security has been mapped by the deployer.' I failed to understand what is known as a principal / principal' group ? Pls. let me know.